General
Target: ovRDe2RyH2kWS1u.exe
Size: 771KB
Sample: 220224-rbh29aedcj
MD5: 87ee91152f7a07f16db9756feae2fb0a
SHA1: 0a3221619d69958e52f8b8719260196aa130ebcc
SHA256: a70a717458c5147a02dca62c03c58d2e11e165180e683fa4755c719e6f9ad9c5
SHA512: a385d5b89051a17c6cae76f985aea9f339423a2e6467cf460be495eda78f2791d7a02cfba30ab114a4be506b7aac754737657cd4537efb066723787385bb464a
Static task: static1
Behavioral task: behavioral1
Sample: ovRDe2RyH2kWS1u.exe
Resource: win7-20220223-en
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign ID: wdc8
Decoy domains:
mygotomaid.com
joyoushealthandwellnessspa.com
wefundprojects.com
magicbasketbourse.net
vitos3.xyz
oligopoly.city
beauty-bihada.asia
visitnewrichmond.com
crgeniusworld.biz
bantasis.com
transsexual.pro
casagraph.com
eastjamrecords.com
howtotrainyourmustache.com
heiappropriate.xyz
bataperu.com
ces341.com
prajahitha.com
manuelagattegger.com
wolfpackmotorcycletours.com
yulietrojas.com
dariven.com
dd13thsept.net
kalpeshvasoya.com
theavarosecollection.com
bloody-randoms.com
yngo-arca.com
dealsoffer.xyz
marellaweddingplanner.com
seowongoopain.com
omightygod.com
dqblog.net
thethreadedbrow.com
medflex.center
filpify.com
chaletxp.com
santanderburge.com
171341.com
shannongroves.com
sisoow.quest
harleybowd.com
cardioflextech.com
exspv.com
permianbasinautismacademy.info
gardenchipvip.com
onsitemarketingsolutions.com
cvwerg.com
theketocopywriter.com
telarte-ceramicas.com
j2ig529zbahs.biz
oxygenii.com
extralegally.info
hbdlaq.com
themountainkings.com
fibliz.com
skyrangersfoundation.com
forbabylon.net
weilaiyitj.com
supplementstoreryp.com
thehappyartnook.com
houzzcoin.com
heyitsnew.com
jonnystokes.com
venuesgrantprogram.com
hamiltonrealestate.online
Targets
Target: ovRDe2RyH2kWS1u.exe
Signatures:
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext